Throwback Thursday - Last Week's Interesting Breaches in Review

The Threat Research team uses multiple sources to identify up-and-coming threats. Each week, we’ll share some of these with you. Our goal is to help you understand what’s happening with different threats in different industries so that you’ll have the latest information and can protect yourself accordingly.

Hospitality

Legal Sea Foods of Boston suffered a data breach involving its web ordering system, which is hosted by a third-party organization, GetFuse.
1. Orders from January 1 to May 21, 2014 were compromised, potentially exposing 4,000 credit card numbers, along with names, card expiration dates and security codes.
2. Legal Sea Foods is not offering credit tracking assistance to customers who experience fraud.

Houstonian Hotel, Club and Spa was notified by the Secret Service of a breach.
1. A forensic investigation shows that their Point of Sale (POS) system had been accessed by an unauthorized third party between Dec 2013 – June 2014.
2. 10,000 Houstonian customers were notified.
3. The Houstonian is offering 12 months of free credit monitoring.

Financial/Commerce

BrutPOS Botnet compromises insecure RDP servers used by POS systems.
1. A new botnet campaign (active since Feb 2014) steals payment card information from POS systems by targeting Microsoft RDP servers.
2. FireEye investigators reported that many compromised RDP servers (51 out of 60 in the USA) used easily guessed user names and passwords (e.g., pos/pos; administrator/Password1).
3. Once the RDP brute force succeeds, the malicious actor installs malware to infect the system and extract payment card information.
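
For defenders, the pattern described above (a burst of failed remote logons from one address, then a success on a default-style account) can be caught in Windows Security logs. The following is an added example, not code from FireEye or from this post; the event tuple layout, the threshold and window, and the sample events and IP addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security log: failed / successful logon
REMOTE_LOGON_TYPES = {3, 10}   # 10 = RemoteInteractive (RDP); NLA failures often log as 3
WATCHED_ACCOUNTS = {"pos", "administrator"}  # account names quoted in the item above

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Flag each source IP whose failed remote logons reach `threshold` inside
    `window`, and record the first successful logon that follows the burst."""
    recent = defaultdict(deque)  # src_ip -> timestamps of failures still in window
    findings = {}
    for ts, event_id, logon_type, user, src_ip in sorted(events):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue  # ignore console, service and other local logons
        if event_id == FAILED:
            q = recent[src_ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(src_ip, {
                    "src_ip": src_ip, "peak_failures": 0,
                    "success_after_burst": None, "watched_account": False})
                f["peak_failures"] = max(f["peak_failures"], len(q))
        elif event_id == SUCCESS and src_ip in findings:
            f = findings[src_ip]
            if f["success_after_burst"] is None:
                f["success_after_burst"] = user
                f["watched_account"] = user.lower() in WATCHED_ACCOUNTS
    return list(findings.values())

# Constructed sample events: (timestamp, event_id, logon_type, user, src_ip)
BASE = datetime(2014, 7, 10, 2, 0, 0)
SAMPLE_EVENTS = (
    [(BASE + timedelta(seconds=10 * i), FAILED, 10, user, "203.0.113.7")
     for i, user in enumerate(["admin", "administrator", "pos", "pos", "administrator", "pos"])]
    + [(BASE + timedelta(seconds=70), SUCCESS, 10, "pos", "203.0.113.7"),
       # A legitimate user mistyping once must not be flagged
       (BASE + timedelta(minutes=30), FAILED, 10, "jsmith", "198.51.100.20"),
       (BASE + timedelta(minutes=31), SUCCESS, 10, "jsmith", "198.51.100.20")]
)

if __name__ == "__main__":
    for finding in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(finding)
```

A finding with `success_after_burst` set is the case to escalate first, since it means the guessing ended in a working logon.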

 

Government

Chinese hackers may have breached the federal government’s personnel office.
1. Hackers targeted databases that contain files on all federal employees, including thousands who have applied for top-secret clearances.
2. The attack occurred in March before it was detected and blocked.
3. The attack has been traced to China, though not necessarily to the government of China.